Author Topic: JS:Redirector-MR in my wordpress site  (Read 5067 times)

0 Members and 1 Guest are viewing this topic.

shrmony

  • Guest
JS:Redirector-MR in my wordpress site
« on: December 29, 2011, 10:38:25 PM »
ht-p://www.scientiahow.com/
i know that the virus is in the theme i want to know in what file and how to remove this virus
« Last Edit: December 29, 2011, 10:41:50 PM by shrmony »

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Redirector-MR in my wordpress site
« Reply #1 on: December 29, 2011, 10:40:56 PM »
Can you please make the link nonclickable, shrmony?

Change http to hXtp, as it avoids accidental clicks.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

shrmony

  • Guest
Re: JS:Redirector-MR in my wordpress site
« Reply #2 on: December 29, 2011, 10:42:20 PM »
done

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Redirector-MR in my wordpress site
« Reply #3 on: December 29, 2011, 10:51:03 PM »
Sucuri gives us some malicious links it found.


Do you know how to edit the source of your site?
« Last Edit: December 29, 2011, 10:54:54 PM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

shrmony

  • Guest
Re: JS:Redirector-MR in my wordpress site
« Reply #4 on: December 29, 2011, 10:56:30 PM »
Sucuri gives us some malicious links it found.


Do you know how to edit the source of your site?
the infect is in the template file so it will be in all links

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Redirector-MR in my wordpress site
« Reply #5 on: December 29, 2011, 11:01:58 PM »
Alright. Can you edit your template file?

If so, do a search for p,a,c,k,e,r

And remove the code attached.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Redirector-MR in my wordpress site
« Reply #6 on: December 29, 2011, 11:09:07 PM »
the infect is in the template file so it will be in all links
When I view your homepage, I also see this malicious script (not loaded by a secondary file), so remove it from your homepage as well.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

shrmony

  • Guest
Re: JS:Redirector-MR in my wordpress site
« Reply #7 on: December 29, 2011, 11:49:26 PM »
the infect is in the template file so it will be in all links
When I view your homepage, I also see this malicious script (not loaded by a secondary file), so remove it from your homepage as well.
i deleted the p,a,c,k,e,r script from the footer is there any thing else?

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Redirector-MR in my wordpress site
« Reply #8 on: December 29, 2011, 11:56:15 PM »
It appears in your 404 javascript
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

shrmony

  • Guest
Re: JS:Redirector-MR in my wordpress site
« Reply #9 on: December 30, 2011, 12:12:13 AM »
It appears in your 404 javascript
i have deleted it now from all files i can get
thanks very much
another question
what is this virus used for ?

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Redirector-MR in my wordpress site
« Reply #10 on: December 30, 2011, 12:22:31 AM »
It's a Dead Edwards virus.

This kind of virus is packed by Dean Edwards packer, which can be found at his site.

This code attempts to load a malicious page from another site.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: JS:Redirector-MR in my wordpress site
« Reply #11 on: December 30, 2011, 12:22:50 AM »
Quote
what is this virus used for ?
as it say...JS:Redirector.....it will send you somwhere else   ;)

and that place may have additional malware...




Sucuri info on Dean Edwards packer

http://sucuri.net/new-malware-evalfunctionpacked.html
http://sucuri.net/malware/malware-entry-mwjsdepack

and on wordpress
http://sucuri.net/?s=wordpress

« Last Edit: December 30, 2011, 12:32:03 AM by Pondus »

shrmony

  • Guest
Re: JS:Redirector-MR in my wordpress site
« Reply #12 on: December 30, 2011, 12:30:51 AM »
really thanks for you all ::)

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Redirector-MR in my wordpress site
« Reply #13 on: December 30, 2011, 01:40:47 PM »
Your welcome!  ;)
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."